nstilt1 / crypto-on-the-edge

A WIP Rust crate that generates private keys from IDs using an HKDF, eliminating the need to store private keys.
Apache License 2.0

Implementing automated versioning #7

Closed nstilt1 closed 5 months ago

nstilt1 commented 5 months ago

The goal of this PR is to create a relatively-automated MasterKey, where versions and EPOCH times can be routinely increased. This PR will fix #4, and it will fix #1, with the exception of providing ways to change signature algorithms and KDF algorithms (unless I can get that sorted out).

There are several requirements for the MasterKey:

  1. Every single generated key and key ID MUST expire. If they don't expire, there could exist a "MasterKey" that an attacker could use that will always be validated. The probability of this seems to be extremely low, but would be there nonetheless.
  2. Versions need to expire as well as IDs. This will not apply to non-expiring keyless_ids, but for any expiring key ID, if the version is too old to have possibly been generated with a specific version, the key needs to be invalidated based on the version.

nstilt1 commented 5 months ago

Also fixes #6, as the timestamp precision and bits are now constant parameters.
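
The two expiry requirements in the PR description can be sketched as a validation routine. This is an added example, not code from the PR or the crate; the constants, the `KeyId` fields, the `Reject` variants and the fixed-length version windows are all assumptions made for illustration, and the ID is assumed to have been authenticated already.

```rust
// Added illustration; every name and constant here is hypothetical, not the crate's API.
const EPOCH: u64 = 1_700_000_000; // start of version 0 (Unix seconds)
const VERSION_LIFETIME: u64 = 30 * 86_400; // each version issues IDs for 30 days
const MAX_KEY_LIFETIME: u64 = 90 * 86_400; // longest lifetime an ID may be given

#[derive(Debug, PartialEq)]
enum Reject {
    Expired,
    VersionNotYetActive,
    VersionTooOld,
}

/// Fields assumed to be decoded from an already-authenticated key ID.
struct KeyId {
    version: u32,
    expires_at: u64,
}

/// Window in which `version` was allowed to issue IDs: [start, end).
fn version_window(version: u32) -> (u64, u64) {
    let start = EPOCH + u64::from(version) * VERSION_LIFETIME;
    (start, start + VERSION_LIFETIME)
}

fn validate(id: &KeyId, now: u64) -> Result<(), Reject> {
    let (start, end) = version_window(id.version);
    if now < start {
        return Err(Reject::VersionNotYetActive);
    }
    // Requirement 1: every ID carries an expiry, and it is enforced.
    if now >= id.expires_at {
        return Err(Reject::Expired);
    }
    // Requirement 2: the version could not have issued an expiry later than
    // the end of its window plus the maximum key lifetime.
    if id.expires_at > end + MAX_KEY_LIFETIME {
        return Err(Reject::VersionTooOld);
    }
    Ok(())
}

fn main() {
    let now = EPOCH + 100 * 86_400; // constructed "current time": day 100
    let stale = KeyId { version: 0, expires_at: EPOCH + 400 * 86_400 };
    println!("{:?}", validate(&stale, now));
}
```

An ID that claims version 0 but carries an expiry far beyond what version 0 could have issued is rejected on the version check even though its own expiry has not passed.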